Fix CVE-2020-27752

2021-04-29 19:13:54 +08:00 · 2021-04-29 19:13:54 +08:00 · df9202f731
commit df9202f731
parent eb35d9ac50
2 changed files with 35 additions and 1 deletions
--- a/CVE-2020-27752.patch
+++ b/CVE-2020-27752.patch
@ -0,0 +1,30 @@
 From 5d04522afcfec1feaddbec9ba0f796231aee2ebb Mon Sep 17 00:00:00 2001
 From: Cristy <urban-warrior@imagemagick.org>
 Date: Tue, 8 Dec 2020 17:09:09 +0000
 Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1752
 ---
 coders/png.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/coders/png.c b/coders/png.c
 index ee6fba2..4107410 100644
 --- a/coders/png.c
 +++ b/coders/png.c
@@ -11177,11 +11177,11 @@ static MagickBooleanType WriteOnePNGImage(MngInfo *mng_info,
       (void) LogMagickEvent(CoderEvent,GetMagickModule(),
         "    Allocating %.20g bytes of memory for pixels",(double) rowbytes);
     }
 -  pixel_info=AcquireVirtualMemory(rowbytes+256,sizeof(*ping_pixels));
 +  pixel_info=AcquireVirtualMemory(rowbytes,sizeof(*ping_pixels));
   if (pixel_info == (MemoryInfo *) NULL)
     png_error(ping,"Allocation of memory for pixels failed");
   ping_pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info);
 -  (void) memset(ping_pixels,0,(rowbytes+256)*sizeof(*ping_pixels));
 +  (void) memset(ping_pixels,0,rowbytes*sizeof(*ping_pixels));
   /*
     Initialize image scanlines.
   */
 -- 
 2.23.0
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@ -1,7 +1,7 @@
 Name:           ImageMagick
 Epoch:          1
 Version:        6.9.10.67
-Release:        21
+Release:        22
 Summary:        Create, edit, compose, or convert bitmap images
 License:        ImageMagick and MIT
 Url:            http://www.imagemagick.org/
@ -54,6 +54,7 @@ Patch0044:      CVE-2020-25666-2.patch
 Patch0045:      CVE-2020-25675.patch
 Patch0046:      CVE-2020-27755.patch
 Patch0047:      CVE-2019-18853.patch
 Patch0048:      CVE-2020-27752.patch
 BuildRequires:  bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
 BuildRequires:  libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@ -210,6 +211,9 @@ rm PerlMagick/demo/Generic.ttf
 %{_libdir}/pkgconfig/ImageMagick++*
 %changelog
 * Thu Apr 29 2021 wangyue <wangyue92@huawei.com> - 6.9.10.67-22
 - Fix CVE-2020-27752
 * Mon Apr 12 2021 wangyue <wangyue92@huawei.com> - 6.9.10.67-21
 - Fix CVE-2019-18853 CVE-2020-27755